[OpenAFS] openafs + gdm + home directory

Klaas Hagemann kerberos@northsailor.de
Wed, 18 Sep 2002 16:07:08 +0200


Hi,

I think there are 2 separate possibilities which may occur:

1. the token is destroyed before all the files are written in the
home directory

2. the display or login manager (I am not very familiar with these things
yet) writes these files as its own user or even as root.

I have no idea which one of these failures occurs, or even both.
Anybody any idea?

Klaas
----- Original Message -----
From: "Rubino Geiß" <kb44@rz.uni-karlsruhe.de>
To: "'Jason Edgecombe'" <jedgecombe@carolina.rr.com>;
<openafs-info@openafs.org>
Sent: Tuesday, September 17, 2002 7:22 PM
Subject: RE: [OpenAFS] openafs + gdm + home directory


> > I seem to be having a problem with gnome gconf in Redhat 7.3.
> >
> > upon logout, I get "afs failed to store file" on the console and upon
> > logging back in and running nautilus, it says that gconf failed to load.
> >
> > I have partially tracked it down to a lockfile that is not removed from
> > ~/.gconfd/lock. If I remove that directory, gconfd doesn't complain.
> >
> > I temporarily worked around this by doing
> > fs sa ~/.gconfd system:anyuser write.
> > I know this is BAD, but I don't have another option at this time.
> >
> > Does anyone have some insight?
>
> All this can be easily avoided by: (source
> http://www.openafs.org/pages/doc/QuickStartUnix/auqbg007.htm)
>
> no_unlog
> Normally the tokens are deleted (in memory) after the session ends.
> Using this option the tokens are left untouched. This behaviour has
> been the default in pam_afs until openafs-1.1.1!
>
> remainlifetime sec
> The tokens are kept active for sec seconds before they are deleted. X
> display managers i.e. are used to inform the applications started in the
> X session before the logout and then end themselves. If the token was
> deleted immediately the applications would have no chance to write back
> their settings to i.e. the user's AFS home space. This option may help
> to avoid the problem.
>
> (/etc/pam.d/xdm)
>    auth       required     /lib/security/pam_nologin.so
>    auth       required     /lib/security/pam_login_access.so
>    auth       sufficient   /lib/security/pam_afs.so ignore_uid 100 use_klog
>    auth       required     /lib/security/pam_pwdb.so try_first_pass
>    account    required     /lib/security/pam_pwdb.so
>    password   required     /lib/security/pam_cracklib.so
>    password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
>    session    optional     /lib/security/pam_afs.so remainlifetime 10
>    #                                                ^^^^^^^^^^^^^^^^^
>    #Wait 10 seconds before deleting the AFS tokens in order to give
>    #the programs of the X session some time to save their settings
>    #to AFS.
>    session    required     /lib/security/pam_pwdb.so
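
Added example, not part of the original messages or of OpenAFS: a shell check that reads a PAM service file and reports which of the logout token behaviours quoted above is configured on the pam_afs session line (`no_unlog`, `remainlifetime`, or neither). The function name and the sample file are hypothetical; reporting `kept` when both options appear is an assumption, since the thread does not say which one takes precedence.

```shell
#!/bin/sh
# Added example: classify how pam_afs treats AFS tokens at logout.
# Output: none | immediate | delayed:<sec> | kept
afs_logout_policy() {    # $1 = path to a PAM service file
    awk '
        # Join backslash-continued lines into one logical line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        {
            line = buf $0; buf = ""
            sub(/#.*/, "", line)                 # drop comments
            n = split(line, f, /[ \t]+/)
            i = (f[1] == "") ? 2 : 1             # skip empty field from indentation
            if (f[i] != "session") next          # only session lines run at logout
            # Find the module field wherever it is (control may be bracketed).
            for (m = i + 1; m <= n && f[m] !~ /pam_afs\.so$/; m++) ;
            if (m > n) next
            found = 1
            for (j = m + 1; j <= n; j++) {
                if (f[j] == "no_unlog") kept = 1
                if (f[j] == "remainlifetime" && f[j+1] ~ /^[0-9]+$/) delay = f[j+1]
            }
        }
        END {
            if (!found)           print "none"       # no pam_afs session line
            else if (kept)        print "kept"       # assumption: no_unlog wins
            else if (delay != "") print "delayed:" delay
            else                  print "immediate"  # tokens deleted at session end
        }
    ' "$1"
}

# Constructed sample, modelled on the /etc/pam.d/xdm lines quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth       sufficient   /lib/security/pam_afs.so ignore_uid 100 use_klog
session    optional     /lib/security/pam_afs.so remainlifetime 10
session    required     /lib/security/pam_pwdb.so
EOF
afs_logout_policy "$sample"
rm -f "$sample"
```

A result of `immediate` on the display manager's service file matches the first possibility raised in the reply: the token is gone before the session's programs have written their files.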